Abstract: An improved financial terminal automatically reconfigures into different financial processing terminal types. In one embodiment, the terminal comprises a housing; a card reader configured to accept at least a portion of a card having an integrated circuit; at least one display; at least one processor; and at least one memory configured to store machine readable code, the machine readable code comprising a first kernel corresponding to a first transaction type and a second kernel corresponding to a second transaction type.

Abstract: The present disclosure relates to a method and a device for processing a verification code. The method includes: acquiring the verification code in a message; determining whether the verification code has expired; and allowing an operation corresponding to the verification code if the verification code has not expired.

Abstract: A system includes a processor configured to detect a vehicle wireless signal at a first frequency-band. The processor is also configured to choose a second signal at a second frequency-band having a predefined relationship to a requested action. The processor is further configured to connect to the second signal and lower a signal data-transfer rate, responsive to the detection, and use the second signal to perform a time-of-flight based user-proximity detection, to determine if a user is within a vehicle proximity range associated with the requested action.

Abstract: A method for leveraging a first secure channel of communication between a first agent and a second agent to create a second secure channel of communication between the first agent and a third agent. The method includes creating the first secure channel of communication between the first agent and the second agent using a configurable data-driven initial process on a first computing device. Responsive to the first agent receiving a request from the third agent to establish the second secure channel of communication, the method further includes retrieving identifying information from the third agent. The method further includes ending the identifying information from the third agent to the second agent over the first secure channel of communication. Responsive to receiving approval of the third agent's request from the second agent, the method further includes establishing the second secure channel of communication.

Abstract: There is provided a communication device including: a storage unit configured to store an authentication key generated from a plurality of keys; a communication unit configured to receive authentication key identification information for specifying the authentication key; and an authentication unit configured to perform an authentication process for a transmission source of the authentication key identification information using the authentication key specified from the storage unit based on the authentication key identification information.

Abstract: A secure instant messaging (IM) system integrates secure instant messaging into existing instant messaging systems. A certificate authority (CA) issues security certificates to users binding the user's IM screen name to a public key, used by sending users to encrypt messages and files for the user. The CA uses a subscriber database to keep track of valid users and associated information, e.g. user screen names, user subscription expiration dates, and enrollment agent information. A user sends his certificate to an instant messaging server which publishes the user's certificate to other users. Users encrypt instant messages and files using an encryption algorithm and the recipient's certificate. A sending user can sign instant messages using his private signing key. The security status of received messages is displayed to recipients.

Abstract: A method for communicating medical data includes forming a secure channel between a first medical device and a second medical device connected to each other through a network on the basis of first authentication information of the first medical device and second authentication information of the second medical device; encrypting medical data that is obtained by the first medical device using a secure circuit that is provided in the first medical device; and transmitting the encrypted medical data to the second medical device through the secure channel.

Abstract: A wireless communication device 1 encrypts a passphrase which corresponds to a communication mode after change and which is a character string for authentication by using an encryption key PTK corresponding to a communication mode before change, and transmits the encrypted passphrase to a wireless communication device 2, and also creates an encryption key PTK corresponding to the communication mode after change from the passphrase corresponding to the communication mode after change. The wireless communication device 2 receives the encrypted passphrase transmitted from the wireless communication device 1 and decrypts the encrypted passphrase by using an encryption key PTK corresponding to the communication mode before change, and also creates an encryption key PTK corresponding to the communication mode after change from the decrypted passphrase.

Abstract: A method of authenticating to a computer server involves a first authentication client transmitting an authentication token to the computer server via a first communications channel, and a second authentication client receiving a payload from the computer server via a second communications channel distinct from the first communications channel in accordance with an outcome of a determination of authenticity of the authentication token by the computer server.

Abstract: Systems and methods that efficiently combine multiple wireless networks or devices resulting in faster, more reliable, and more secure mobile Internet. A Virtual Private Network (VPN) service application is operated to route outgoing and incoming data packets of a mobile device. The mobile device is (i) either coupled to a remote server through the VPN service application for data packets transfer between the remote server and the mobile device or (ii) performs cross-layer translation for data packets transfer between the mobile device and direct target hosts on the Internet. Concurrently using multiple channels secures data packets transfer by sending encrypted data packets over multiple channels and receiving the encrypted data packets by a single apparatus. Data packets are designated to be transferred via a Wi-Fi channel or a cellular channel, and then transferred using both the Wi-Fi channel and the cellular channel.

Abstract: A method of establishing a network by sharing a secret between a first entity (A) and a second entity (B), comprising the steps of: the first entity (A) broadcasting (100) an ANNOUNCE message announcing its identity and details of other entities it is aware of, wherein each of the other entities of which it is aware is associated with a particular nonce, and the message is encrypted using a broadcast encryption scheme common to the first and second entities (A,B), and; the second entity (B), upon receiving and decrypting the ANNOUNCE message, transmitting (110) to the first entity (A) a SHARE message, wherein the SHARE message comprises a signcryption of the secret, authenticated using signcryption data associated with the particular nonce associated with the second entity (B).

Abstract: A method of identifying contact between terminals, and a computer program and an application for executing the method are disclosed. The method for identifying contact between terminals according to this invention includes the server receiving from a first terminal a first state information data of a first terminal based on information about an external magnetic force of the first terminal generated by a first terminal; receiving, by the server, second state information data of the second terminal based on the information about the external magnetic force of the second terminal generated in the second terminal from the second terminal; determining whether a difference between a time when the first state information data is generated and a time when the second state information data is generated is within a preset time; and the step of transmitting a message to at least one of the first terminal and the second terminal according to the determination by the server.

Abstract: A user terminal device is disclosed. A user terminal device that supports an instant messenger service includes: a display unit for providing an instant messenger service screen including an output message; and a control unit for, when the output message is an encrypted message, decrypting the encrypted message according to a predetermined event and providing the decrypted message to the screen or another screen separate from the screen.

Abstract: The present invention is directed to a node (device), system, and computer program for providing secure dynamic address resolution and communication, without having to utilize third party DNS and/or MX server(s). Accordingly, a node may include processor and memory having instructions thereon, that when executed, cause the node to pair with another node. The pairing may include creating a DNS record on the node including a current address associated with the second node, this current address may be dynamically updated. The instructions may further allow the node to transmit a message to the second node, based on a resolved address from the DNS record on the first node. Authentication, dynamic message encryption and the provision of a DNS cache may further be implemented on the node.

Abstract: An anonymity authentication method for wireless sensor networks is provided. A smart card carried by a user is used to provide two-factor verification protection. Moreover, a random factor and a hash function operation are introduced for participating an operation of the transmitted messages in all phases. Moreover, the operation of the transmitted messages uses only hash function and XOR operator.

Abstract: Methods, systems and apparatus are provided for facilitating financial transactions using an IC type financial card via a terminal. A user is provided a list of transaction types, such as PIN-based, signature-based, etc., and a requested transaction is processed via a first selected transaction type. If the transaction is unsuccessful, the terminal automatically presents a list of remaining available transaction types from which the user may select and the transaction is processed by the next selected transaction type. If the transaction is successful, funds are provided to the user, such as in the form of currency/coins or funds transfer.

Abstract: A method and a cryptographic device for encrypting/decrypting an input message by using an algorithm having as entries, said input message, a cryptographic key, and a complementary unique value used as parameter of the algorithm. The output data is formed by the input message decrypted/encrypted by the algorithm using the cryptographic key and the complementary value. The latter is determined on the basis of a unique value physically bound to an electronic device by using a physically unclonable function (PUF) which is inherent to this device and which is used to generate this unique value from a plurality of physical measurements carried out on components integrated in said device.

Abstract: A system tunnels real-time communications (“RTC”). The system creates a connection between a tunneling client and a signaling server. The connection includes a stream-based tunnel between the tunneling client and a tunneling server and a stream connection between the tunneling server and the signaling server. The system then receives, from the tunneling client, stream traffic encapsulated as datagram traffic within the stream-based tunnel. The system translates the datagram traffic into the stream traffic, and forwards the stream traffic to the signaling server over the stream connection.

Abstract: In one embodiment, a system including one or more hardware processors is: to receive a user request to access a website; sign a nonce with at least some of the plurality of group private keys, the at least some of the plurality of group private keys corresponding to personalization attributes of the website; and send the signed nonce to a web server to enable personalized interaction with the web server. Other embodiments are described and claimed.

Abstract: Embodiments relate to deduplication and compression on data performed downstream from where the data is encrypted. Confidentiality of data is maintained, and the ability of storage systems to perform data reduction functions is supported. Encrypted data to be written to a storage system is separated into one or more data chunks. For a data chunk, a master encryption key for an owning entity associated with the data chunk is retrieved. The data chunk is decrypted into plaintext, and the plaintext is transformed by performing one or more advanced data functions. A private key is created and used to encrypt the transformed plaintext, which is stored as a first encryption unit. A wrapped key is created by encrypting the private key with the master key, limits data access to the owning entity, and is stored as metadata for the encryption unit.

Abstract: Among other things, at a central server, management of a document sharing process includes uploading from client devices through a communication network, storing at the server, and downloading to client devices through the communication network documents that are shared between users of the client devices. Encryption keys are used to protect features of the documents from unauthorized or unintended disclosure. Operations are performed on encryption keys or encrypted data as a result of which protection of features of the documents from unauthorized or unintended disclosure may be compromised. A determination is made whether performance of a given one of the operations on any of the encryption keys or encrypted data meets predefined conditions for approval by members of an approval group. Performance of the operation on the encryption key or encrypted data is controlled based on a result of the determination.

Abstract: A communication system is described in which user plane communication and control plane communication for a particular mobile communication device can be split between a base station that operates a small cell and a macro base station. Appropriate security for the user plane and control plane communications is safeguarded by ensuring that each base station is able to obtain or derive the correct security parameters for protecting the user plane or control plane communication for which it is responsible.

Abstract: A method for securing communications for a given network topology is provided. The method comprises generating by a node N(i) of the network, security parameters for the node N(i); transmitting by the node N(i), said security parameters to a controller for the network; maintaining by the controller said security parameters for the node N(i); receiving by the controller a request from a node N(j) for the security parameters for the node N(i); retrieving by the controller the security parameters for the node N(i); and transmitting by the controller said security parameters to the node N(j).

Abstract: In one embodiment, a method includes receiving, in a system of an external verifier of a first network, a plurality of attestation reports and a plurality of attestation values from a plurality of reporting nodes of the first network, each of the plurality of attestation values randomly generated in the corresponding reporting node based on a common random seed value; determining whether at least a threshold number of the plurality of attestation values match; responsive to at least the threshold number of the plurality of attestation values matching, decrypting the plurality of attestation reports, processing the decrypted plurality of attestation reports to obtain aggregated telemetry data of the plurality of nodes, where identity of the plurality of nodes remains anonymous to the external verifier; and enforcing a security policy based at least in part on the aggregated telemetry data. Other embodiments are described and claimed.

Abstract: Embodiments of a device and method are disclosed. In an embodiment, a Controller Area Network (CAN) device includes a security module connected between a CAN bus interface of a CAN transceiver and a microcontroller communications interface of the CAN transceiver and a shield device connected between the CAN bus interface and the microcontroller communications interface. The security module is configured to perform a security function on data traffic received from the CAN bus interface or from a Serial Peripheral Interface (SPI) interface of the microcontroller communications interface. The shield device is configured to direct CAN Flexible Data-rate (FD) traffic received from the CAN bus interface to the security module.

Abstract: An information storage device including one or more processors configured to store an encrypted content and to control access of an external device to the information storage device is provided. The one or more processors are further configured to store a converted title key obtained by converting a title key which is an encryption key to be applied to decryption of the encrypted content, and a user token obtained by converting binding secret information to be applied to calculate the title key from the converted title key. The one or more processors are further configured to allow the external device having a confirmed access right to the information storage device to read out the user token.

Abstract: Apparatus, methods, computer readable media and processors may provide a secure architecture within which a client application on a wireless device may, in some aspects, exchange information securely with resident device resources, and in other aspects, with a remote server over a wireless network.

Abstract: System and method to digitally validate a document, the method including: receiving, by a secure development platform (SDP), a security information from an end user, the SDP comprising an SDP processor coupled to a secure SDP memory; exchanging a security token with a user device based upon the security information; receiving, from the user device, a request for a digital certificate; managing and storing public/private key pairs; transmitting, to the PKI service processor, the request for a digital certificate; if information in the request for a digital certificate is correct: creating the digital certificate; and receiving the digital certificate from the PKI service processor; and storing the digital certificate in the secure SDP memory, the secure SDP memory not directly accessible by the user device, the SDP processor configured to request a signature generation by use of the private key associated with the digital certificate, the SDP processor configured to request a validation by use of the digital c

Abstract: A system and method for the randomization of packet headers is disclosed. A controller is used to provide random values, also referred to as nonces, that replace the source and destination addresses that typically appear in a packet header. The controller also provides routing rules to the switches and routers in the network that allow these devices to properly route packets, even though the source and destination addresses are not present. In some embodiments, network devices that support software-defined networking (SDN) are employed. The number of times that a particular nonce is used may be variable. In some embodiments, a nonce is used for exactly one packet header. In this way, packets may traverse a network using nonces in place of actual source and destination addresses. Because the nonces are changed periodically, detection of traffic patterns is made significantly more difficult.

Abstract: A method and apparatus for brokering the enablement of the communication of encrypted media programs from a plurality of independent broadcasters to a plurality of receivers is disclosed. The system makes use of a pairing key for each provided service, which is differently encrypted by a pairing server and by the broadcaster providing the service. The encrypted versions of the pairing key are decrypted in a first receiver module using information known to the pairing service but not the broadcaster and in a second receiver module using information known to the broadcaster. The pairing key is used to cryptographically bind the first and second receiver modules.

Abstract: A method analyzes traps in a semiconductor device by determining a first-order derivative of a signal representing an operation of the semiconductor device over time to produce a signal rate change. The traps in the semiconductor device are analyzed based on lifetimes corresponding to peaks of the signal rate change.

Abstract: A decentralized and distributed secure home subscriber server is provided. First data can be sent representing a first nonce string to a mobile device; and in response to receiving second data representing the first nonce string and a second nonce string, a communication channel can be established with the mobile device as a function of the first nonce string.

Abstract: At least one embodiment refers to a method for securely exchanging messages between at least two devices, each of them storing a shared secret key. The method comprises: at each device: generating a random number, then sending it to the other devices; determining a first key by a first operation based onto said secret key and each random number; determining a second key based on said first key and said random numbers; at a sending device: determining a pseudo message on the basis of the message and said random numbers; calculating then sending a cryptogram on the basis of said pseudo message and said second key; and at the receiving device: decrypting said cryptogram by means of said second key; and retrieving said message from said pseudo message.

Abstract: A transmitter for a quantum communication system, the transmitter comprising an interferometer, the interferometer having a first path with a phase modulator and a second path configured such that light pulses entering the interferometer follow either the first path or the second path, the output of the first and second paths being combined, the transmitter further comprising an optical filter positioned such that photons exiting the interferometer pass through the optical filter, the optical filter being configured to restrict the frequency range of pulses passing through the optical filter and temporally broaden the pulses.

Abstract: A system, method, and device includes a platform data storage that stores a wrap that secures an executable controller and executable sensors. The wrap is verified, optionally through a downloaded authentication driver. After verifying the wrap, the wrap is opened and a sister of the executable controller is installed into the platform memory to cooperate with the executable controller. Additionally or alternatively, the authentication driver may cooperate with the executable controller. The executable controller allows the platform processor to access data secured in a vault and/or verify the platform to create a connection to an application server.

Abstract: A system, method, and device includes a platform data storage that stores a wrap that secures an executable controller and executable sensors. The wrap is verified, optionally through a downloaded authentication driver. After verifying the wrap, the wrap is opened and a sister of the executable controller is installed into the platform memory to cooperate with the executable controller. Additionally or alternatively, the authentication driver may cooperate with the executable controller. The executable controller allows the platform processor to access data secured in a vault and/or verify the platform to create a connection to an application server.

Abstract: Embodiments provide secure messaging communications. In an embodiment, a method comprises receiving, by a service provider processor, an encrypted message and a key from a sender associated with a first client device that is remote from the service provider, wherein the first client device internally encrypts the message. The message also comprises verifying the received key based on at least a comparison with a pre-determined key. Once the received key is verified, the method also comprises processing one or more unique factors associated with the sender or the first client device, wherein the one or more unique factors are known by the service provider. The method further comprises decrypting the message and re-encrypting the message using a key of a receiver associated with a second client device; and sending the re-encrypted message to the receiver associated with the second client device, wherein the second client device decrypts the message.

Abstract: A data storage device in a distributed computing system has physical block addresses that are each allocated to multiple namespaces. To access the data storage device, a host system issues a command to the data storage device that includes an access key and a virtual block address to be accessed. The data storage device converts the virtual block address to a physical block address of the data storage device using a mapping associated with the access key. Access to a physical data block associated with a particular namespace is granted only if an access key for that namespace is provided to the data storage device.

Abstract: Data processing method and related devices for determining the result of a first type of operation involving an operand in an electronic entity comprising a non-volatile storage unit, includes the following steps: converting a data, derived from at least one key portion designed to be used with the operand in the first type of operation, into a key data adapted to be used with the operand in a second type of operation; storing the key data in the non-volatile storage unit; reading in the non-volatile storage unit the key data; performing the second type of operation with the read key data and the operand.

Abstract: Organizations maintain and generate large amount of sensitive information that needs to be saved electronically and there is a need to store that data remotely with a data storage service provider. To prevent unauthorized access to the information stored by organizations on storage provided by the service provider special cryptographic devices, such as an Inline Data Encryptor, can be used to ensure that the information remains secret. The Inline Data Encryptor uses a fill device with secret cryptographic information to encrypt data.

Abstract: The present invention relates to a virtual machine (VM) for processing digital data (MD), in particular medical data by executing a digital data processing application program, in particular a medical data application program called MeDPAP, the virtual machine (VM) being a simulation of a computer, the virtual machine comprising at least the following components: • a MeDPAP controller (MC) which is constituted —so that it can be addressed by a Uniform Resource Identifier called VM-URI via a wide area network (WAN), —to support direct interoperable interaction with a client application (MCA) over the wide area network (WAN), —to assign a Uniform Resource Identifier called MeDPAP-URI to the MeDPAP, and —to send the assigned MeDPAP-URI to the client application via the wide area network (WAN); and • the MeDPAP which is constituted —to process the digital data (MD), —so that it can be addressed by the client application via the wide area network (WAN) by using the MeDPAP-URI, and —to support direct interaction wi

Abstract: A method of pairing a first device with a second device is disclosed. Accordingly, an image that includes encoded data is generated. The encoded data includes a unique identifier for identifying the first device and an arbitrary security code. The first device displays the image on a display. The second device captures the image using an image sensing device. The encoded data is decoded to generate a decoded data. The second device sends the decoded data to a server that is communicatively connected to the first device and the second device. Upon receiving the decoded data and using the unique identifier, the server communicates with the first device to verify the arbitrary security code.

Abstract: A method of operating data security and an electronic device supporting the same are provided. The method includes executing a general Application (App) based on a non-trusted execution module; executing a first trusted App related to the execution of the general App based on a trusted execution module; generating a message by encrypting data generated in the first trusted App; transmitting the encrypted message to the general App; and transmitting the encrypted message to a second trusted App related to the execution of the general App and executed based on the trusted execution module.

Abstract: The present invention provides an efficient secure end-to-end messaging system utilizing encrypted ephemeral messages. The method comprises the steps of using a combination of HTTPS for transport security, using symmetric key cryptography with rotating temporary keys for individual message security, and using elliptic curve cryptography for key derivation and message authentication. The key rotation scheme used provides forward secrecy even between messages and perfect forward secrecy between sessions.

Abstract: The present invention discloses a dynamic password authentication method and a system thereof. The method comprises: a server receives first information sent from the client, generates second information according to the first information, sets every transmission bit in the second information to be in corresponding brightness status or color status to obtain a third information and sends it to a client; the client transforms the third information into impulse optical signal and outputs it; a dynamic password device transforms the impulse optical signal into intermediate information, extracts part or all of it and transforms it into display information; the dynamic password device receives trigger information, generates a first dynamic password; the server generates a second dynamic password or a set of second dynamic passwords and verifies whether the first dynamic password is legitimate by it. Security of authentication is improved by the present invention.

Abstract: A system, method, and device includes a platform data storage that stores a wrap that secures an executable controller and executable sensors. The wrap is verified, optionally through a downloaded authentication driver. After verifying the wrap, the wrap is opened and a sister of the executable controller is installed into the platform memory to cooperate with the executable controller. Additionally or alternatively, the authentication driver may cooperate with the executable controller. The executable controller allows the platform processor to access data secured in a vault and/or verify the platform to create a connection to a connection server.

Abstract: In a wireless communication system which includes a first electronic device, a second electronic device, and a plurality of third electronic devices, a pairing method of pairing the second electronic device and a particular third electronic device, includes a step in which the first electronic device receives a plurality of pass keys from part or all of the plurality of third electronic devices, a step in which the first electronic device identifies that a pass key of the particular third electronic device is included in the plurality of pass keys using identification information, a step of transmitting the pass key of the particular third electronic device to the second electronic device, a step in which the second electronic device transmits the pass key of the second electronic device to the particular third electronic device, and a step of establishing connection between the second and third electronic devices.

Abstract: An apparatus and method for managing health data through a user terminal are provided. The method includes inputting a user terminal number for identifying the user terminal, and information of a medical instrument for measuring the health data to a management server interworked with the user terminal, receiving, by a receiver, a security type table mapped onto the user terminal number and comprising a security type code for instructing the health data which the medical instrument has measured to be stored in a first memory without security or in a second memory with security, from the management server, and storing the health data in the first memory or the second memory, which the security type code instructs, through determining the security type code of the security type table when the health data is received from the medical instrument.

Abstract: Birefringence in optical fibers is compensated by applying polarization modulation at a receiver. Polarization modulation is applied so that a transmitted optical signal has states of polarization (SOPs) that are equally spaced on the Poincaré sphere. Fiber birefringence encountered in propagation between a transmitter and a receiver rotates the great circle on the Poincaré sphere that represents the polarization bases used for modulation. By adjusting received polarizations, polarization components of the received optical signal can be directed to corresponding detectors for decoding, regardless of the magnitude and orientation of the fiber birefringence. A transmitter can be configured to transmit in conjugate polarization bases whose SOPs can be represented as equidistant points on a great circle so that the received SOPs are mapped to equidistant points on a great circle and routed to corresponding detectors.

Abstract: Using the same mathematical principle of paring with errors, which can be viewed as an extension of the idea of the LWE problem, this invention gives constructions of a new key exchanges system, a new key distribution system and a new identity-based encryption system. These new systems are efficient and have very strong security property including provable security and resistance to quantum computer attacks.